authorMohit Mehta <mohit.mehta@vyatta.com>2009-08-07 18:44:52 -0700
committerMohit Mehta <mohit.mehta@vyatta.com>2009-08-07 18:44:52 -0700
commitcaabc26123111e111af8e6eaffbef3b80b382d6a (patch)
tree6fd2fe8b857ed3fddd93b31f1f016658b7b72e31 /lib/Vyatta/IpTables
parentf34e53cb200f48f4fcc2a2d929851c34704ac3cd (diff)
* Fix Bug 3625 Firewall protocol option should have a selection for TCP and UDP
added tcp_udp as a valid protocol value to match both tcp and udp in 1 rule
Diffstat (limited to 'lib/Vyatta/IpTables')
-rw-r--r--lib/Vyatta/IpTables/Rule.pm32
1 files changed, 29 insertions, 3 deletions
diff --git a/lib/Vyatta/IpTables/Rule.pm b/lib/Vyatta/IpTables/Rule.pm
index 6a743c7..5fec1b3 100644
--- a/lib/Vyatta/IpTables/Rule.pm
+++ b/lib/Vyatta/IpTables/Rule.pm
@@ -300,14 +300,22 @@ sub get_num_ipt_rules {
my $self = shift;
my $ipt_rules = 1;
return 0 if defined $self->{_disable};
+ my $protocol_tcpudp = 0;
+ if (defined $self->{_protocol} && $self->{_protocol} eq 'tcp_udp') {
+ $ipt_rules++;
+ $protocol_tcpudp = 1;
+ }
+
if (("$self->{_log}" eq "enable") && (("$self->{_action}" eq "drop")
|| ("$self->{_action}" eq "accept")
|| ("$self->{_action}" eq "reject")
|| ("$self->{_action}" eq "modify"))) {
$ipt_rules += 1;
+ $ipt_rules++ if $protocol_tcpudp == 1;
}
if (defined($self->{_recent_time}) || defined($self->{_recent_cnt})) {
$ipt_rules += 1;
+ $ipt_rules++ if $protocol_tcpudp == 1;
}
return $ipt_rules;
}
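Review bot: The tcp_udp doubling is spread over three separate increments (`$ipt_rules++` after the protocol check, and again inside the log and recent branches), so any rule type added to get_num_ipt_rules later has to remember its own extra increment or the count drifts from what rule() returns. If callers use this count to locate rules in the chain (not visible here), a drift would move later inserts or deletes onto the wrong rule. Computing the base count first and doubling once just before the return gives the same result and is harder to get wrong: `$ipt_rules *= 2 if defined $self->{_protocol} && $self->{_protocol} eq 'tcp_udp';`.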
@@ -315,6 +323,7 @@ sub get_num_ipt_rules {
sub rule {
my ( $self ) = @_;
my ($rule, $srcrule, $dstrule, $err_str);
+ my $tcp_and_udp = 0;
# set CLI rule num as comment
my @level_nodes = split (' ', $self->{_comment});
@@ -324,10 +333,14 @@ sub rule {
if (defined($self->{_protocol})) {
my $str = $self->{_protocol};
$str =~ s/^\!(.*)$/! $1/;
- $rule .= "--protocol $str ";
+ if ($str eq 'tcp_udp') {
+ $tcp_and_udp = 1;
+ $rule .= " -p tcp "; # we'll add the '-p udp' to 2nd rule later
+ } else {
+ $rule .= " -p $str ";
+ }
}
- # set the session state if protocol tcp
my $state_str = uc (get_state_str($self));
if ($state_str ne "") {
$rule .= "-m state --state $state_str ";
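Review bot: A negated value is not handled: `tcp_udp` is compared after the `s/^\!(.*)$/! $1/` rewrite, so `!tcp_udp` becomes `! tcp_udp`, falls into the else branch and is emitted as ` -p ! tcp_udp `, which iptables is unlikely to accept as a protocol. Unless the configuration templates already reject that value (not visible in this diff), rule() should return an error before building the string, for example `return ('tcp_udp cannot be negated', ) if $str eq '! tcp_udp';`, assuming the first returned element is the error string as the final `return (undef, ...)` suggests. `$str` is also interpolated into the rule text unchecked, so it is worth confirming that `_protocol` is validated before it reaches this function. rule() starts and continues outside this hunk.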
@@ -559,8 +572,21 @@ first character capitalized eg. Mon,Thu,Sat For negation, add ! in front eg. !Mo
$rule2 = $recent_rule;
$recent_rule = undef;
}
+
return (undef, undef) if defined $self->{_disable};
- return (undef, $rule, $rule2, $recent_rule, );
+
+ my ($udp_rule, $udp_rule2, $udp_recent_rule) = (undef, undef, undef);
+ if ($tcp_and_udp == 1) {
+ # create udp rules
+ $udp_rule = $rule;
+ $udp_rule2 = $rule2 if defined $rule2;
+ $udp_recent_rule = $recent_rule if defined $recent_rule;
+ foreach my $each_udprule ($udp_rule, $udp_rule2, $udp_recent_rule) {
+ $each_udprule =~ s/ \-p tcp / -p udp / if defined $each_udprule;
+ }
+ }
+
+ return (undef, $rule, $rule2, $recent_rule, $udp_rule, $udp_rule2, $udp_recent_rule);
}
sub outputXmlElem {
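Review bot: The UDP rules are derived by text substitution, `s/ \-p tcp / -p udp /`, which rewrites only the first ` -p tcp ` in each string and copies everything else unchanged, so any TCP-only match added in the part of rule() outside this hunk would end up in a `-p udp` rule. The return list also grows from four to seven elements; a caller that still unpacks only the first four would install the TCP half and silently drop the UDP half while get_num_ipt_rules counts both, and the diffstat shown is limited to lib/Vyatta/IpTables, so those callers cannot be checked here. A comment above the return would make the contract explicit: `# returns (err, rule, rule2, recent_rule, udp_rule, udp_rule2, udp_recent_rule); the udp_* slots are undef unless protocol is tcp_udp`.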